
kool808

Posted 16 July 2005 - 07:10 PM


Please SAVE THIS PAGE or secure a PRINT COPY of the instructions for reference.

===========================================

Please download the trial version of Ewido Security Suite [ HERE ]

Please read Ewido Setup Instructions

Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from Here

Unzip it to the desktop but please DO NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check if they exist:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Notes on ALCXMNTR.EXE: Realtek AC97 Audio - Event Monitor. "Spyware" file used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers.
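As an added example (not part of the original post and not HijackThis's own code), this Python script checks a saved HijackThis log for the two entries named in the post above and reports anything an F2 `Shell=` line launches besides Explorer.exe. The sample log and the function names are constructed for illustration, and the script assumes the normal shell value is `Explorer.exe` alone.

```python
import re

# The two entries the post asks the user to look for, copied from the post.
WATCHED = (
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe",
    r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE",
)
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.IGNORECASE)

# Constructed sample log (not from the thread); only the two watched lines
# are taken from the post.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

def _norm(line):
    """Collapse whitespace and case so copy/paste differences do not matter."""
    return " ".join(line.split()).casefold()

def shell_extras(line):
    """Return what an F2 Shell= line launches besides Explorer.exe, or None."""
    m = SHELL_RE.match(" ".join(line.split()))
    if not m:
        return None
    value = m.group(1).strip()
    first, _, rest = value.partition(" ")
    # If the value does not even start with Explorer.exe, all of it is suspect.
    return rest.strip() if first.casefold() == "explorer.exe" else value

def check_log(text):
    """Report which watched entries are present and any extra Shell programs."""
    lines = [l for l in text.splitlines() if l.strip()]
    seen = {_norm(l) for l in lines}
    watched = [w for w in WATCHED if _norm(w) in seen]
    extras = [e for e in map(shell_extras, lines) if e]
    return {"watched": watched, "shell_extras": extras}

if __name__ == "__main__":
    print(check_log(SAMPLE_LOG))
```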

kool808

Posted 16 July 2005 - 11:43 PM

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please read Ewido Setup Instructions

Install it, and update the definitions to the newest files. The latest version should be Ewido 3.5

Do NOT run a scan yet.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Please read the instructions for About:Buster then download it to a safe location where you can easily remember it.

Please Download the stand-alone version of CoolWebShredder

Download Cleanup.

Save all of these files somewhere you will remember, like the Desktop.

Run the CleanUp! installer. You don't need to do anything with it right now. Do NOT run it yet.

Update About:Buster

Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.

Navigate to the AboutBuster directory and double-click on AboutBuster.exe.

Click "OK" at the prompt with instructions.

Click "Update" and then "Check For Update" to begin the update process.

If any updates exist please download them by clicking "Download Update" then click the X to close that window.

Now close About:Buster

Update CWShredder

Open CWShredder and click I AGREE

Click Check For Update

Close CWShredder

Reboot in SAFE MODE. (How to boot in Safe Mode...)

================================================

Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below: